Ashley Madison parent in $11.2 million settlement over data breach

By Jonathan Stempel

2 Min Read

A photo illustration shows the Ashley Madison website displayed on a smartphone in Toronto, August 20, 2015.Mark Blinch

(Reuters) - The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach.

Ruby Corp, formerly known as Avid Life Media Inc, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St. Louis.

Ashley Madison marketed itself as a means to help people, primarily men, cheat on their spouses, and was known for its slogan "Life is short. Have an affair."

But the breach cost privately held Ruby more than a quarter of its revenue, and prompted the Toronto-based company to spend millions of dollars to improve security and user privacy.

Last December, Ruby agreed to pay $1.66 million to settle a probe by the U.S. Federal Trade Commission and several states into lax data security and deceptive practices, also without admitting liability.

According to Friday's settlement, users with valid claims can recoup up to $3,500 depending on how well they can document their losses attributable to the breach.

Layn Phillips, a former federal judge who mediated the settlement, said in a court filing that the accord offered "a valuable recovery for the class in the face of many obstacles," including Ruby's preference that victims arbitrate their claims.

Lawyers for Ashley Madison users may receive up to one-third of the $11.2 million payout to cover legal fees, court papers show.

The case is In re: Ashley Madison Customer Data Security Breach Litigation, U.S. District Court, Eastern District of Missouri, No. 15-md-02669.

Reporting by Jonathan Stempel in New York; Additional reporting by Solarina Ho in Toronto; editing by G Crosse and David Gregorio